Appl'nNo. 10/821,195 

Response to November 19, 2007 Office Action 

Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in the application. 
Listing of the Claims 

Claim 1 (currently amended) A self-cleansing system that performs routine and cyclical, self- 
cleansing activities without waiting for or detecting a system failure comprising: 

a) at least two subsystems, said at least two subsystems including an active subsystem and 
at least one available inactive subsystem; 

b) a communications link connecting said at least two subsystems; 

c) a local network capable of connecting said at least two subsystems to an external 
network; 

d) an arbitration mechanism capable of designating one of said at least one available 
inactive subsystem to be a designated active system; 

e) an IP address shared by at least said active subsystem and said designated active 
subsystem, only said active subsystem utilizing said IP address to output information to 
said external network; 

f) a transfer mechanism capable of: 

i) deactivating said active subsystem, causing said active subsystem to become a 
deactivated subsystem; and 

ii) activating said designated active subsystem, causing said designated active 
subsystem to become said active subsystem; and 

g) a self-cleansing mechanism capable of cleansing said deactivated subsystem, causing 
said deactivated subsystem to become one of said at least one available inactive 
subsystem. 
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Claim 2 (original) A system according to claim 1, wherein said arbitration mechanism uses a 
criterion to select which of said at least one available inactive subsystem is to be designated 
said designated active subsystem. 

Claim 3 (original) A system according to claim 1, wherein said transfer mechanism is activated 
by a transfer criterion. 

Claim 4 (original) A system according to claim 3. wherein said transfer criterion is a fault 
detection criterion. 

Claim 5 (original) A system according to claim 3, wherein said transfer criterion is an intrusion 
detection criterion. 

Claim 6 (original) A system according to claim 3, wherein said transfer criterion considers time. 

Claim 7 (original) A system according to claim 1, wherein at least two of said at least two 
subsystems are firewalls. 

Claim 8 (original) A system according to claim 1, wherein at least two of said at least two 
subsystems are servers. 
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Claim 9 (original) A system according to claim 1, wherein at least two of said at least two 
subsystems are gateways. 

Claim 10 (original) A system according to claim 1, further including an integrity check 
capability. 

Claim 11 (original) A system according to claim 1, further including an audit capability. 

Claim 12 (original) A system according to claim 1, wherein said self-cleansing mechanism 
includes a capability to reboot at least one of said at least two subsystems. 

Claim 13 (original) A system according to claim 1, further including shared storage accessible by 
at least two of said at least two subsystems. 

Claim 14 (original) A system according to claim 1, wherein said communications link is part of 
said local network. 

Claim 15 (original) A system according to claim 1, wherein said active subsystem is a plurality 
of active subsystems. 

Claim 16 (currently amended) A method of self-cleansing a system by performing routine and 
cyclicak self-cleansing activities without waiting for or detecting a system failure comprising 
the iterative steps of: 
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a) designating one of at least one available inactive subsystem to be a designated active 
subsystem, said at least one available inactive subsystem being part of at least two 
subsystems, said at least two subsystems: 

i) include an active subsystem; 

ii) are connected by a communications link; 

iii) are capable of sharing an IP address; and 

iv) are connected to a local network that is capable of connecting to an external 
network; 

b) when a transfer criterion is satisfied: 

i) deactivating said active subsystem, causing said active subsystem to become a 
deactivated subsystem; and 

ii) activating said designated active subsystem, causing said designated active 
subsystem to become said active subsystem; and 

c) cleansing said deactivated subsystem, causing said deactivated subsystem to become 
one of said at least one available inactive subsystem; 

wherein only said active subsystem utilizes said IP address to output information to said 
external network. 

Claim 17 (original) A method according to claim 16, wherein said step of designating one of at 
least two subsystems to be a designated active subsystem uses a criterion to select which of 
said at least one available inactive subsystem is to be designated said designated active 
subsystem. 
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Claim 18 (original) A method according to claim 17, wherein said transfer criterion is a fault 
detection criterion. 

Claim 19 (original) A method according to claim 17, wherein said transfer criterion is an 
intrusion detection criterion. 

Claim 20 (original) A method according to claim 17, wherein said transfer criterion considers 
time. 

Claim 21 (original) A method according to claim 16, wherein at least two of said at least two 
subsystems are firewalls. 

Claim 22 (original) A method according to claim 16, wherein at least two of said at least two 
subsystems are servers. 

Claim 23 (original) A method according to claim 16, wherein at least two of said at least two 
subsystems are gateways. 

Claim 24 (original) A method according to claim 16, further including the step of checking the 
integrity of at least one of said deactivated subsystem. 

Claim 25 (original) A method according to claim 16, further including the step of auditing said 
system cleansing actions. 
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Claim 26 (original) A method according to claim 16, wherein said step of cleansing said 
deactivated subsystem includes rebooting said deactivated subsystems. 

Claim 27 (original) A method according to claim 16, wherein said active subsystem is a plurality 
of active subsystems. 
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